Recent Product Enhancements: Additional Security Updates for Data Confidentiality & System Audit Logs

Cloud

November 23, 2020

 

 

The Sodales platform is already enabled with best-in-class security for external  & internal secure access with role-based permissions. The solution is enabled with the industry’s highest level of encryption capabilities using TLS 1.2 protocols with full support for key-store encryption within the customer’s network.

The system admin can easily create security role-based views for various entities and departments. With role-based permissions, the system can set up the rules to retrieve information and edit/delete it through the admin console. Each group is set-up locally within the Sodales tool. The administrator is given the right to change the information at any given time. The solution can allow an administrator logged in as a user to audit logs of all activities for accuracy. Using security permissions and authorizations, the solution can have edit rights given to the right roles while other roles will only have controlled view access.

The role-based permissions are setup to ensure the applications, pages, fields, and data points displayed to a user are always only on a need-to-know basis. In addition to the data level access, we can also configure network-level security to allow or deny access from outside a specific network.

Recently we enhanced the solution to embed security and confidentiality at the process-level. Here is how it works.

For the effective processing of certain cases, it is necessary for HR Personnel including health and safety directors and Labor relations leads to gain access to sensitive information such as SIN numbers, date of birth and gender of an employee. To ensure the consent of your employees and restrict the visibility to information of such nature, Sodales has implemented the following feature upgrades on the front end in addition to the existing field level encryptions.

  1. Disclosure only when needed – Sensitive/Confidential information is only made available upon consent from the employee. For example:- In order to process an Injury claim the HR personnel needs the SIN number of the employee. To provide this information to the HR personnel the employee is required to access his portal and submit his workers claim form as an attachment and check to agree to the limited usage of their confidential information. The employee is also provided with a detailed disclaimer of the usage policy.
  2. Access Expiration – The HR personnel upon receiving the consent/approval from the employee can only view the employee’s confidential information while their claim processing status is active. Once a claim or the case is closed this information is no longer accessible. In addition to that the HR personnel is also limited by a total number of 3 times that they can access this information.
  3. Access Auditing Log – Whenever an HR personnel requests to access a confidential information the system prompts the user to enter a reason for access and keeps a record of the Time, Date and Name of the user who accessed the information in the summary log of the case.
  4. User Roles and User Restrictions – Depending on your organizations needs we are able to configure this feature to allow either a certain user role such as HR leads or specific users such as an HR Director to access this information.
  5. Disclaimer and Agreement – The Employee and the HR personnel are provided relevant pop up confirmations with detailed description of the usage policies, what they are agreeing to and general instructions to follow while handling information of sensitive nature at each step. The users are required to read and agree to the terms before continuing to access the information.

If you would like to learn more, please contact us at info@sodalessolutions.com for a personalized demonstration.

Experience the only fully integrated approach to health, safety, and employee relations

GET DEMO